package com.atguigu.springsecurity.quickstart.config;

import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.security.web.authentication.AuthenticationFailureHandler;
import org.springframework.security.web.authentication.AuthenticationSuccessHandler;
import org.springframework.security.web.authentication.logout.LogoutSuccessHandler;

@Configuration
public class SpringSecurityConfig extends WebSecurityConfigurerAdapter {

    @Autowired
    private AuthenticationSuccessHandler successHandler;

    @Autowired
    private AuthenticationFailureHandler failureHandler;

    @Autowired
    private LogoutSuccessHandler logoutSuccessHandler;
    /**
     * 配置规则
     * @param http
     * @throws Exception
     */
    @Override
    protected void configure(HttpSecurity http) throws Exception {

        // 配置成我们自己的(要有表单才行(就是默认的登录表单才能执行，不然自己定义的是不会实现的))
        http.formLogin()
                .successHandler(successHandler)
                .failureHandler(failureHandler)
        ;

        http.logout()
                .logoutSuccessHandler(logoutSuccessHandler);
        // 对于任意请求要都要进行拦截
        http.authorizeRequests().anyRequest().authenticated();
        // 不使用默认的就没有userPasswordFilter
//        super.configure(http);
    }
}
